twill-cloud-coding-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) allows creating tasks that reference arbitrary repository URLs (repository can be a full GitHub URL) and file URLs (files[].url) and then reads plan content and streamed job logs from the Twill API (GET /api/v1/tasks/:id and GET /api/v1/jobs/:jobId/logs/stream), so untrusted user-generated third-party content can be ingested and materially influence actions like approve-plan or cancel.